October 18, 2017


Attacking the Weakest Link in the Supply Chain

3 min read

What Just Happened?! Millions invested in the latest security technologies? Check. Your team trained on information security best practices? Check. Passed a third-party review of your security architecture? Check. So, how the hell were hundreds of your servers’ hard drives just destroyed by malware within minutes?! That’s exactly what your CEO, your Board and your […]

October 12, 2017


Disassembler and Runtime Analysis

1 min read

This post was authored by Paul Rascagneres. Introduction: In the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of “Symantec Endpoint”. This file is named EFACli64.dll. The modification is performed in the runtime code included by the compiler, more precisely in the […]

September 20, 2017


CCleaner Command and Control Causes Concern

1 min read

This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Introduction: Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner […]